# Google dorks

## Générateur de dorks personnel

{% embed url="<https://dorks.s1rn3tz.ovh/googledorks>" %}

## Google, Bing, Yahoo dorks

Il s'agit des méthodes de recherches avancés des moteurs de recherches, en utilisant certaines fonctionnalité des moteurs de recherche que nous utilisons, nous somme parfois capable de retrouver du contenu sensible exposé sur internet.

Exemple de google dorks:

<pre class="language-bash"><code class="lang-bash">site:*target.com
site:*.*.target.com
site:*.*.*.target.com 
site:*target.com filetype:pdf
site:target.* inurl:/admin
site:target.com intext:"index of /"
site:*target.com inurl:"/content/dam"
site:*target.com intitle:"index of" "docker-compose.yml"
<strong>site:*target.com intitle:"index of"|"access_token.json"
</strong><strong>site:*target.com intitle:"index of" "config.json"
</strong><strong>site:*target.com intitle:"index of" "service-Account-Credentials.json" | "creds.json"
</strong>site:*target.com intitle:"index of" "db.json"
site:*target.com intitle:"index of" "credentials.json"
site:*target.com intitle:"index of" "awsconfig.json"
site:*target.com filetype:csv admin
site:codepad.co "company"
site:scribd.com "company"
site:npmjs.com "company"
site:npm.runkit.com "company"
site:libraries.co "company"
site:ycombinator.com "company"
site:coggle.it "company"
site:papaly.com "company"
site:google.com "compagny"
site:trello.com "company"
site:prezi.com "company"
site:jsdelivr.net "company"
site:codepen.io "company"
site:codeshare.io "company"
site:sharecode.io "company"
site:pastebin.com "company"
site:repl.it "company"
site:gitter.im "company"
site:bitbucket.org "company"
site:zoom.us "company"
site:atlassian.com "company"
site:s3.amazonaws.com inurl:"company"
site:storage.googleapis.com "http://target.com"
inurl:gitlab "company"
intext:"index of" /etc/passwd
intext:"index of" /etc/shadow
"index.of" id_rsa inurl:target
"index.of" private.key inurl:target
"© target 20XX"
"© 20XX target"
inurl:ftp inurl:(http|https) "target" filetype:pdf
...
</code></pre>

### AWS S3 buckets

```
inurl:s3.amazonaws.com/legacy/
inurl:s3.amazonaws.com/uploads/
inurl:s3.amazonaws.com/backup/
inurl:s3.amazonaws.com/mp3/
inurl:s3.amazonaws.com/movie/
inurl:s3.amazonaws.com/video/
...
```

## Autres stockages cloud

```
site:http://blob.core.windows.net "target.com"
site:http://googleapis.com "target.com"
site:http://drive.google.com "target.com"
site:dropbox.com/s "target.com"
site:box.com/s "target.com"
site:docs.google.com inurl:"/d/" "target.com"
```

## Documentation API

```
inurl:/swagger-ui.html -github -gitlab -reddit -stackoverflow -medium
inurl:/api/swagger -github -gitlab -reddit -stackoverflow -medium
inurl:/api/v1/docs | inurl:/api/v2/docs | inurl:/api/v3/docs
inurl:/api/apidocs
```

## CMS

<pre><code><strong>#Drupal
</strong><strong>intext:"Powered by Drupal" inurl:"/node/1" -drupal.com -drupal.org -github
</strong>inurl:"sites/all/modules/ckeditor" -drupalcode.org

#WordPress
intext:"Index" inurl:"wp-" -wordpress.org -stackexchange -github
inurl:"/wp-json/wp/v2/users/" "id":1,"name":" -wordpress.stackexchange.com -stackoverflow.com
inurl:"/wp-content/uploads"
inurl:"wp-register.php" -wordpress.com -wordpress.org -github
intitle:"index of" "wp-config.php.bak"

#Joomla
inurl:"/libraries/joomla/database/"
</code></pre>

## Frameworks

```
#Symfony
intitle:"index of" "symfony/config"
inurl:"_fragment" | inurl:"_profiler"
inurl:"_profiler/phpinfo"
inurl:"_profiler/open"

#Ruby on rails
inurl:"index.rb"
inurl:"/config/database.yml"
inurl:"/config/initializers/secret_token.rb"
inurl:"/db/seeds.rb"
inurl:"/db/development.sqlite3"
```

### Git exposé

```
“index of” inurl:.git
intitle:"index of" .git/hooks/
filetype:git
```

## Cache

Voir version de site web en cache:

```
cache:exemple.com/blabla
```

## Monitoring

Il est également possible de recevoir des alertes à chaque nouveau résultat pour une recherche donnée avec google.

ressource: <https://www.google.com/alerts>

### 0xdork

0xdork est un outil de google dorking très simple et léger écrit en python.

Exemple d'utilisation:

*`$ ./oxdork -q site:*.target.com -c 30`*

ressource: <https://github.com/rly0nheart/oxdork.git>

### Katana

Katana est un autre outil permettant de récupérer les réponse à une google dork.

Exemple d'utilisation:

*`$ python3 kds.py -g`*

ressource: <https://github.com/TebbaaX/Katana>

ressources:&#x20;

* <https://www.exploit-db.com/google-hacking-database>
* <https://gist.github.com/sundowndev/283efaddbcf896ab405488330d1bbc06>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://blog.s1rn3tz.ovh/osint-recon/manuel-dorks/google-dorks.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.